Showing posts from June, 2010

Preventing SSH timeouts: A probable solution

Recently, we had seen some dropped SSH connections causing our process to fail which are dependent on SSH. I tried some analysis on both the hosts for the SSH connection drop and presenting below some analysis  that might have triggered the failure .

Analyzing SSH connection drops due to network inactivity:

The connection tracking procedures implemented in proxies and firewalls  keeps track of all connections that pass through them. Because of the physical limits of these machines, they can only keep a finite number of connections in their memory. The most common and logical policy is to keep newest connections and to discard old and inactive connections first. This can be one of the reason for connection drops but does not looks to be the reason in our case as our hosts are not behind NAT . For scenarios where hosts are behind NAT and are seeing dropped SSH connections , we may probably want to set the keep-alive time (/proc/sys/net/ipv4/tcp_keepalive_time) to a value less than the N…